General

  • Target

    1f471a4d1e7daa886b6cf9c48c6151d3

  • Size

    343KB

  • Sample

    231230-2zsayaghan

  • MD5

    1f471a4d1e7daa886b6cf9c48c6151d3

  • SHA1

    788524420449df47b9ee204a7a4329b8b8d2d07c

  • SHA256

    1a34455ce3bb799c173bd51995e88758b9642a5533b787fa1f5c9c08788ca1c6

  • SHA512

    d7f2af2af556798d99737acbb51dc362ec74e2d9d55479297c9c7e6d591728a30311c77d28de35cf62349595087feaaf4418710212c3f590db8195b69b6d2933

  • SSDEEP

    6144:bOu/NbK2QmH07fNCtkZyAZC3ijwd1m3KQwIUy61CaJDnWuVVoD4z2kG283tmzdqy:Xe2QocXZrZD61m3wIba5xVZzVG28Odqy

Malware Config

Targets

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials.

    • UPX packed file

      Detects executables packed with the UPX open-source packer or a modified variant of it.

    • Unexpected DNS network traffic destination

      Network traffic on the DNS port to servers other than the configured DNS servers was detected.

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks